Commit Graph

6765 Commits

Author SHA1 Message Date
David Garske d1e6ce064f Merge pull request #5832 from JacobBarthelmeh/fuzzing
free signer if malloc cases fail
2022-12-01 10:35:15 -08:00
Stefan Eissing e5cfd96609 QUIC API support in OpenSSL compat layer, as needed by HAProxy integration.
- adding patch for HAProxy, see dod/QUIC.md, based on current master.
      For documentaton purposes, since HAProxy does not accept PRs. To be
      removed once forwarded to the project.
2022-12-01 10:12:35 +01:00
JacobBarthelmeh 01833a369e free signer if malloc cases fail 2022-11-30 10:02:33 -08:00
Anthony Hu 7c576de914 Fixes from testing 2022-11-25 16:00:09 -05:00
Anthony Hu 0bfa5c9836 Purge NTRU and SABER. Not going to be standardized. 2022-11-25 14:54:08 -05:00
Anthony Hu 5e191b7218 Remove some unnecessary guarding. Preventing build on STM32. 2022-11-24 11:49:12 -05:00
Sean Parkinson cf8ea5c606 Merge pull request #5812 from ejohnstown/crl-ocsp
OCSP/CRL
2022-11-24 12:42:17 +10:00
John Safranek 88f3570fe4 OCSP/CRL
Added comments for the usage of OCSP_WANT_READ used with the CRL I/O
callback.
2022-11-23 16:35:10 -08:00
David Garske 0a38553909 Merge pull request #5798 from JacobBarthelmeh/python
account for 'pulled' error nodes
2022-11-23 14:57:03 -08:00
John Safranek 909fd726cd OCSP/CRL
Fixing issue #3070. When the OCSP responder returns an unknown exception,
continue through to checking the CRL. Before, it was setting the flag
to check CRL, then clearing it because of the exception.
2022-11-23 10:50:12 -08:00
Anthony Hu f3546b50fd Conform to pre-existing pattern. 2022-11-23 17:58:12 +00:00
Anthony Hu 6190666108 Support for Analog Devices MAXQ1080 and MAXQ1065 2022-11-23 11:57:31 -05:00
Sean Parkinson 54466b670a Merge pull request #5810 from Uriah-wolfSSL/haproxy-integration
Added required config option and return value for HaProxy
2022-11-23 10:01:17 +10:00
Jacob Barthelmeh b6ae17804a update comments and check error case 2022-11-22 11:22:38 -07:00
Uriah Pollock d373c0856a Added required config option and return value for HaProxy 2022-11-22 10:42:05 -06:00
Juliusz Sosinowicz 50f19ec225 Merge pull request #5806 from embhorn/zd15177
Fix X509_get1_ocsp to set num of elements in stack
2022-11-22 12:00:08 +01:00
Sean Parkinson 55718d214c Merge pull request #5801 from philljj/zd15172
Fix leak in wolfSSL_X509_NAME_ENTRY_get_object.
2022-11-22 15:11:18 +10:00
Eric Blankenhorn dee73887b8 Fix X509_get1_ocsp to set num of elements in stack 2022-11-21 08:25:46 -06:00
Daniel Pouzzner 6f98a5b271 src/internal.c: in VerifyServerSuite(), narrow condition and fix return value in error check added in 647ce794dd. 2022-11-18 22:21:08 -06:00
jordan 153ab82ad8 Fix leak in wolfSSL_X509_NAME_ENTRY_get_object. 2022-11-18 11:23:15 -06:00
JacobBarthelmeh 143dac64a3 account for 'pulled' error nodes 2022-11-17 14:51:37 -08:00
David Garske bd7b442df3 Merge pull request #5796 from tmael/mem_err
Propagate malloc returning NULL up the call stack
2022-11-16 12:45:42 -08:00
Tesfa Mael 2a2cf5671e Move error check in CompareSuites 2022-11-16 09:29:24 -08:00
Tesfa Mael 647ce794dd unmask malloc returning NULL 2022-11-16 09:25:25 -08:00
jordan 17105606b1 Cleanup format and typos, and use WOLFSSL_FILETYPE. 2022-11-15 11:45:11 -06:00
jordan 81ed2a60b4 Support ASN1/DER CRLs in LoadCertByIssuer.
This fixes hash based dir lookup of ASN1/DER CRLs in OpenSSL
compatible API. The function wolfSSL_X509_load_crl_file is
called with entry->dir_type, rather than hardcoded filetype.

A new test crl was added, and existing crl 0fdb2da4.r0 was
reorganized to a new dir.

Also, completes the stub wolfSSL_X509_LOOKUP_add_dir. A new
test function test_X509_LOOKUP_add_dir was added to tests/api.c
2022-11-11 15:13:00 -06:00
David Garske f4621a6807 Merge pull request #5786 from philljj/zd15125
Fix incorrect self signed error return.
2022-11-10 14:13:38 -08:00
jordan 5ad6ff23d5 Use local int lastErr instead of args->lastErr. 2022-11-10 13:46:51 -06:00
David Garske 3b23a49a5f Merge pull request #5761 from tim-weller-wolfssl/zd15084-x509-crl-fail
Link newly created x509 store's certificate manager to self by default
2022-11-10 06:10:18 -08:00
David Garske c573ba9864 Merge pull request #5758 from per-allansson/dtls13-fips
Allow DTLS 1.3 to compile when FIPS is enabled
2022-11-09 18:18:06 -08:00
Sean Parkinson 5d2124e70d Merge pull request #5787 from dgarske/fixes_minor
Fix for `test_wolfSSL_sk_CIPHER_description` incorrectly failing
2022-11-10 09:22:08 +10:00
tim-weller-wolfssl 3bc3ec25b8 Add link of newly created x509 store's certificate manager to self by default 2022-11-09 17:17:30 -06:00
David Garske 57ae840f39 Fix for test_wolfSSL_sk_CIPHER_description incorrectly failing with TLS v1.3 NULL cipher. 2022-11-09 12:05:16 -08:00
jordan 961c696436 Fix incorrect self signed error return.
ASN_SELF_SIGNED_E was being overwritten with ASN_NO_SIGNER_E when
compiled with certreq and certgen.
2022-11-09 10:27:31 -06:00
David Garske eac3b4e189 Merge pull request #5752 from julek-wolfssl/alt-name-str-type
Set alt name type to V_ASN1_IA5STRING
2022-11-08 15:42:39 -08:00
Daniel Pouzzner 48ba365fd6 fixes for defects:
clang-analyzer-deadcode.DeadStores in examples/server/server.c;

-Werror=use-after-free and LeakSanitizer Direct leak in tests/api.c;

nullPointerRedundantCheck in src/pk.c which identified a semantically consequential flub.
2022-11-08 14:04:16 -06:00
Sean Parkinson 3d228415f4 Merge pull request #5734 from dgarske/zd15017
Fixes for async sniffer handling of packets with multiple TLS messages
2022-11-08 14:46:40 +10:00
David Garske 887b4bd9f0 Merge pull request #5767 from haydenroche5/load_system_root_certs
Improve logic for enabling system CA certs on Apple devices.
2022-11-07 15:15:13 -08:00
David Garske 6ca8336c52 Fix for asynchronous sniffer edge case for back to back sessions where new session was created while still pending. 2022-11-07 13:52:40 -08:00
David Garske 59774ae576 Fixes for building with use of heap hint and compatibility layer. Fix for invalid OSSL callback function errors. 2022-11-07 11:33:39 -08:00
Hayden Roche d7cbd8cd17 Improve logic for enabling system CA certs on Apple devices.
In configure.ac and CMakeLists.txt, check for the header
Security/SecTrustSettings.h. If this header is found, enable the feature. If
it isn't, disable it. For non-configure/non-CMake builds, require the user to
explicitly define HAVE_SECURITY_SECTRUSTSETTINGS_H if they want to use system
CA certs (handled in settings.h).
2022-11-04 13:52:45 -07:00
Hayden Roche 5d70f3efce Merge pull request #5730 from philljj/zd15040 2022-11-04 13:32:48 -07:00
Hayden Roche 4a917219f7 Merge pull request #5608 from SparkiDev/pk_c_rework_2 2022-11-04 13:32:36 -07:00
Hayden Roche e3621d5bb1 Merge pull request #5771 from dgarske/revert-5622-sniffer_sequence 2022-11-04 13:25:48 -07:00
JacobBarthelmeh 8225d3642b save next status with OCSP response verify 2022-11-03 22:39:47 -07:00
David Garske 1ec2b14922 Revert "Fix for sniffer to decode out of order packets" 2022-11-03 09:50:15 -07:00
Per Allansson 0a88bb9779 Allow DTLS 1.3 to compile when FIPS is enabled 2022-10-31 08:42:13 +01:00
Sean Parkinson 4efba8f437 ForceZero fix: encryption fail and not EtM
Zeroizing of plaintext on encryption failure will use wrong size when
not using Encrypt-then-MAC. Size may go negative and cast to unsigned.
2022-10-31 09:14:16 +10:00
Juliusz Sosinowicz 8bbbdfa3f9 Set alt name type to V_ASN1_IA5STRING 2022-10-28 19:58:01 +02:00
jordan c4e758dda5 Fix X509 subject and issuer name_hash mismatch
Fix logging message and g++ invalid conversion error.
2022-10-27 19:31:30 -05:00